package cc.idoone.spring_boot_hello.shiro;

import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.cache.ehcache.EhCacheManager;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.LinkedHashMap;
import java.util.Map;

/**
 * @author hemj
 * @since 2017/10/21
 */
@Configuration
public class ShiroConfig {

	@Bean
	public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
		System.out.println("ShiroConfig.shirFilter()");
		ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
		shiroFilterFactoryBean.setSecurityManager(securityManager);
		// 过滤器设置
		// 1、一个URL可以配置多个Filter，使用逗号分隔
		// 2、当设置多个过滤器时，全部验证通过，才视为通过
		// 3、部分过滤器可指定参数，如 perms, roles
		// 4、相同路径下，具体的放前面，泛指的（/**）放后面
		Map<String, String> filterChainDefinitionMap = new LinkedHashMap<String, String>();
		// anon: 所有url都都可以匿名访问
		filterChainDefinitionMap.put("/static/**", "anon");
		// logout: 配置退出过滤器, 其中的具体的退出代码Shiro 已经替我们实现了
		filterChainDefinitionMap.put("/logout", "logout");
		// 权限验证
		filterChainDefinitionMap.put("/shiro/userInfo", "perms[sys.user.getUser]");
		filterChainDefinitionMap.put("/shiro/userAdd", "roles[root],perms[sys.user.addUser]");
		// authc: 所有url都必须认证通过才可以访问
		filterChainDefinitionMap.put("/shiro/**", "authc");
		// authc: 所有url都必须认证通过才可以访问
		filterChainDefinitionMap.put("*.xml", "authc");
		// anon: 所有url都都可以匿名访问
		filterChainDefinitionMap.put("/**", "anon");

		// 登录页面设置: 如果不设置默认会自动寻找Web工程根目录下的"/login.jsp"页面
		shiroFilterFactoryBean.setLoginUrl("/shiro/login");
		// 登录成功后要跳转的链接
		shiroFilterFactoryBean.setSuccessUrl("/shiro/index");
		// 未授权界面;
		shiroFilterFactoryBean.setUnauthorizedUrl("/shiro/403");
		shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
		return shiroFilterFactoryBean;
	}

	/**
	 * 凭证匹配器
	 */
	@Bean
	public HashedCredentialsMatcher hashedCredentialsMatcher() {
		HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
		hashedCredentialsMatcher.setHashAlgorithmName("md5"); //散列算法:这里使用MD5算法;
		hashedCredentialsMatcher.setHashIterations(2); //散列的次数，比如散列两次，相当于 md5(md5(""));
		return hashedCredentialsMatcher;
	}

	@Bean
	public ShiroRealm shiroRealm(HashedCredentialsMatcher hashedCredentialsMatcher) {
		ShiroRealm shiroRealm = new ShiroRealm();
		shiroRealm.setCredentialsMatcher(hashedCredentialsMatcher);
		return shiroRealm;
	}

	@Bean
	public SecurityManager securityManager(ShiroRealm shiroRealm, @Qualifier("shiroEhcacheManager") EhCacheManager ehCacheManager) {
		DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
		securityManager.setRealm(shiroRealm);
		securityManager.setCacheManager(ehCacheManager); //可选
		return securityManager;
	}

	/**
	 * 开启 shiro aop 注解支持
	 */
	@Bean
	public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
		AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
		authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
		return authorizationAttributeSourceAdvisor;
	}

	@Bean(name = "lifecycleBeanPostProcessor")
	public LifecycleBeanPostProcessor getLifecycleBeanPostProcessor() {
		return new LifecycleBeanPostProcessor();
	}

	@Bean
	public DefaultAdvisorAutoProxyCreator getDefaultAdvisorAutoProxyCreator() {
		DefaultAdvisorAutoProxyCreator daap = new DefaultAdvisorAutoProxyCreator();
		daap.setProxyTargetClass(true);
		return daap;
	}

	@Bean(name = "shiroEhcacheManager")
	public EhCacheManager getEhCacheManager() {
		EhCacheManager em = new EhCacheManager();
		em.setCacheManagerConfigFile("classpath:ehcache-shiro.xml");
		return em;
	}
}
